From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 11 Feb 2025 22:19:51 +0000 (+0100)
Subject: libcli/lsarpc: let trust_forest_info_from_lsa2() handle BINARY and SCANNER records
X-Git-Tag: tevent-0.17.0~692
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=34b47c9c22c3b183ea8a8d2c042eed8cf4a44f77;p=thirdparty%2Fsamba.git

libcli/lsarpc: let trust_forest_info_from_lsa2() handle BINARY and SCANNER records

The tricky part is that we also need to upgrade
LSA_FOREST_TRUST_BINARY_DATA records into FOREST_TRUST_SCANNER_INFO records.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/libcli/lsarpc/util_lsarpc.c b/libcli/lsarpc/util_lsarpc.c
index a9c6cbd9823..351ac4b8481 100644
--- a/libcli/lsarpc/util_lsarpc.c
+++ b/libcli/lsarpc/util_lsarpc.c
@@ -956,6 +956,61 @@ NTSTATUS trust_forest_info_to_lsa(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 }
 
+static NTSTATUS trust_forest_record_lsa_2to2(TALLOC_CTX *mem_ctx,
+				const struct lsa_ForestTrustRecord2 *in,
+				struct lsa_ForestTrustRecord2 *out)
+{
+	const struct lsa_ForestTrustBinaryData *binary = NULL;
+
+	if (in == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	out->flags = in->flags;
+	out->time = in->time;
+
+	switch (in->type) {
+	case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+		out->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
+		out->forest_trust_data.top_level_name =
+			in->forest_trust_data.top_level_name;
+
+		return NT_STATUS_OK;
+
+	case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+		out->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX;
+		out->forest_trust_data.top_level_name_ex =
+			in->forest_trust_data.top_level_name_ex;
+
+		return NT_STATUS_OK;
+
+	case LSA_FOREST_TRUST_DOMAIN_INFO:
+		out->type = LSA_FOREST_TRUST_DOMAIN_INFO;
+		out->forest_trust_data.domain_info =
+			in->forest_trust_data.domain_info;
+
+		return NT_STATUS_OK;
+
+	case LSA_FOREST_TRUST_BINARY_DATA:
+		binary = &in->forest_trust_data.data;
+
+		return trust_forest_record_lsa_resolve_binary(mem_ctx,
+							      in->flags,
+							      in->time,
+							      binary,
+							      out);
+
+	case LSA_FOREST_TRUST_SCANNER_INFO:
+		out->type = LSA_FOREST_TRUST_SCANNER_INFO;
+		out->forest_trust_data.domain_info =
+			in->forest_trust_data.domain_info;
+
+		return NT_STATUS_OK;
+	}
+
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
 NTSTATUS trust_forest_info_from_lsa2(TALLOC_CTX *mem_ctx,
 				const struct lsa_ForestTrustInformation2 *lfti,
 				struct ForestTrustInfo **_fti)
@@ -982,12 +1037,24 @@ NTSTATUS trust_forest_info_from_lsa2(TALLOC_CTX *mem_ctx,
 
 	for (i = 0; i < fti->count; i++) {
 		const struct lsa_ForestTrustRecord2 *lftr2 = lfti->entries[i];
+		struct lsa_ForestTrustRecord2 _lftr2 = { .flags = 0, };
 		struct ForestTrustInfoRecord *ftr = &fti->records[i].record;
+		TALLOC_CTX *frame = talloc_stackframe();
 		NTSTATUS status;
 
-		status = trust_forest_record_from_lsa(fti->records,
+		status = trust_forest_record_lsa_2to2(frame,
 						      lftr2,
+						      &_lftr2);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			TALLOC_FREE(fti);
+			return status;
+		}
+
+		status = trust_forest_record_from_lsa(fti->records,
+						      &_lftr2,
 						      ftr);
+		TALLOC_FREE(frame);
 		if (!NT_STATUS_IS_OK(status)) {
 			TALLOC_FREE(fti);
 			return status;